os-moda
Your server fixes itself at 3am. You sleep. AI-native operating system built on NixOS.
Stars: 66
osModa is a NixOS distribution with 9 Rust daemons and 72 typed tools, providing structured access to the entire OS without shell parsing. Every mutation is hash-chained, enabling atomic system state rollbacks. The agent runs at ring 0 with root access, ensuring tamper-proof audit logging. Third-party tools are sandboxed, while the agent is not. It offers structured system access, hash-chained audit ledger, FTS5 full-text memory search, ETH + SOL crypto signing, SafeSwitch deploys with auto-rollback, P2P encrypted mesh with hybrid post-quantum crypto, local voice, MCP server management, system learning and self-optimization, service discovery, emergency safety commands, Cloudflare Tunnel + Tailscale remote access, app process management with systemd-run, and 72 bridge tools.
README:
The AI doesn't manage the server. It is the server.
NixOS distribution. 9 Rust daemons. 72 typed tools. The agent runs at ring 0 — root access to every process, file, service, and kernel parameter. All mutations atomic and rollbackable. Every action hash-chained to a tamper-proof audit ledger. Third-party tools sandboxed. The agent is not.
Quickstart · Architecture · What It Does · API · Development
Current state of AI agents in production: shell out, parse text, hope the regex holds, no audit trail, no rollback, manual recovery.
osModa gives the agent structured access to the entire OS through 72 typed tools exposed via 9 Rust daemons. No shell parsing. system_health returns structured JSON. Every mutation is hash-chained. If a deploy breaks something, NixOS rolls back the entire system state atomically. If a service dies at 3am, osmoda-watch detects it, the agent diagnoses root cause, SafeSwitch deploys a fix — automatic rollback if health checks fail.
NixOS makes AI root access safer. Every system change is a transaction. Every state has a generation number. Rolling back is one command. The blast radius of system configuration is bounded and reversible. (NixOS rollback covers OS state — not data sent to external APIs, signed transactions, or deleted user data. See Threat Model.)
# flake.nix
inputs.os-moda.url = "github:bolivian-peru/os-moda";
# configuration.nix
imports = [ os-moda.nixosModules.default ];
services.osmoda.enable = true;sudo nixos-rebuild switch
curl -s --unix-socket /run/osmoda/agentd.sock http://localhost/health | jqThis is the primary install path. NixOS flakes give you reproducible builds, atomic upgrades, and instant rollback.
Warning: This converts your host OS to NixOS. It is a destructive, irreversible operation. Use on fresh/disposable servers only. Not recommended for production machines with existing workloads.
curl -fsSL https://raw.githubusercontent.com/bolivian-peru/os-moda/main/scripts/install.sh | sudo bashConverts Ubuntu/Debian to NixOS, builds 10 Rust binaries from source, installs the AI gateway + 72 tools, starts everything. Takes ~10 minutes.
Supported: Ubuntu 22.04+, Debian 12+, existing NixOS. x86_64 and aarch64.
git clone https://github.com/bolivian-peru/os-moda.git && cd os-moda
./scripts/deploy-hetzner.sh <server-ip> [ssh-key-path]Or from the server directly:
# First run (installs NixOS via nixos-infect — server reboots)
curl -fsSL .../install.sh | sudo bash
# Second run (after reboot)
curl -fsSL .../install.sh | sudo bash -s -- --skip-nixos --api-key sk-ant-...# System health (structured JSON, not text parsing)
curl -s --unix-socket /run/osmoda/agentd.sock http://localhost/health | jq
# Audit ledger integrity
agentctl verify-ledger --state-dir /var/lib/osmoda
# Wallet daemon health
curl -s --unix-socket /run/osmoda/keyd.sock http://localhost/health | jq
# Mesh identity (post-quantum keys)
curl -s --unix-socket /run/osmoda/mesh.sock http://localhost/identity | jq9 daemons, all Rust, communicating over Unix sockets. No daemon exposes TCP to the internet (except mesh peer port 18800, encrypted). The AI reaches the system exclusively through structured tool calls, never raw shell. One gateway, multiple routed agents — Opus for deep work (web), Sonnet for quick status (mobile).
┌──────────────────────────────────────────────────────────────────────────────┐
│ User — Terminal / Web / Telegram / WhatsApp │
├──────────────────────────────────────────────────────────────────────────────┤
│ AI Gateway (OpenClaw) Multi-Agent Router │
│ ├─ osmoda agent (Opus) 72 tools · 16 skills · full access · web │
│ └─ mobile agent (Sonnet) read-only tools · 5 skills · Telegram/WA │
│ osmoda-bridge 72 typed tools (shared plugin) │
│ MCP Servers (stdio) managed by osmoda-mcpd │
├────────┬────────┬────────┬──────────┬────────┬───────┬──────┬───────┬───────┤
│ agentd │ keyd │ watch │ routines │ mesh │ voice │ mcpd │teachd │egress │
│ System │ Crypto │ Safe │ Cron + │ P2P │ Local │ MCP │System │Domain │
│ bridge │ wallet │ Switch │ event │Noise_XX│ STT/ │server│learn │filter │
│ ledger │ ETH+ │ roll- │ automate │+ML-KEM │ TTS │life- │self- │proxy │
│ memory │ SOL │ back │ │hybrid │ │cycle │optim │ │
├────────┴────────┴────────┴──────────┴────────┴───────┴──────┴───────┴───────┤
│ NixOS — atomic rebuilds · instant rollback · generations │
└──────────────────────────────────────────────────────────────────────────────┘
RING 0 OpenClaw + agentd Root. Full system. This is the agent.
RING 1 Approved apps Sandboxed. Declared capabilities only.
RING 2 Untrusted tools Max isolation. No network. Minimal filesystem.
The agent is ring 0 by design. It's not a chatbot with sudo — it's a system service with structured access to everything, constrained by NixOS atomicity and its own audit ledger, not by permission denials. Lower rings cannot escalate privileges upward by design. Ring 0 remains the trusted computing base and must be governed by approval policies, spending limits, and audit review.
Every mutation creates a hash-chained event in SQLite:
hash = SHA-256(id | ts | type | actor | payload | prev_hash)
Append-only. Tamper-evident. Any single modification invalidates the chain. Verifiable offline with agentctl verify-ledger. Provides tamper-evident audit logging useful for compliance-oriented environments (SOC 2, HIPAA). The ledger is supporting infrastructure for compliance programs — not by itself proof of regulatory readiness.
What NixOS rollback covers: OS configuration, package state, service definitions, firewall rules, system generations. Any bad config change can be atomically reverted.
What rollback does NOT cover: Data already sent to external APIs, signed crypto transactions, deleted user data, exposed secrets, or side effects on remote systems. Ring 0 access means the agent can do anything the OS can do — the safety model relies on structured tools, approval policies, spending limits, audit trails, and NixOS atomicity, not on restricting the agent's access.
Non-goals for the current release:
- Ring 0 is not sandboxed — it is the trusted computing base. Misconfigured approval policies or compromised AI reasoning could cause harm that rollback cannot undo.
- The hash-chained ledger proves what happened, not that what happened was correct. It is an audit tool, not a prevention mechanism.
- The mesh crypto uses standard primitives (Noise_XX, ML-KEM-768) but has not had an external security audit. Key lifecycle, replay resistance, and downgrade protection need independent review before use in high-assurance environments.
| Daemon | What it does | Socket | Key feature |
|---|---|---|---|
| agentd | System bridge: processes, services, network, filesystem, NixOS config, kernel params. Hash-chained audit ledger. FTS5 full-text memory search (BM25-ranked). Agent Card (EIP-8004). Backups. | /run/osmoda/agentd.sock |
The kernel-level bridge between AI and OS |
| osmoda-keyd | Crypto wallet daemon. AES-256-GCM encrypted keys. ETH + SOL signing. JSON policy engine (daily limits, address allowlists). Keys never leave the daemon. | /run/osmoda/keyd.sock |
Runs with PrivateNetwork=true — zero network access |
| osmoda-watch | SafeSwitch: deploy with a timer, health checks, and automatic rollback if anything fails. Autopilot watchers: deterministic health checks with escalation (restart -> rollback -> notify). | /run/osmoda/watch.sock |
Blue-green deploys with automatic undo |
| osmoda-routines | Background cron/event/webhook automation. Runs between conversations. Health checks, log scans, service monitors, scheduled tasks. | /run/osmoda/routines.sock |
Agent actions that persist when nobody's chatting |
| osmoda-mesh | P2P encrypted agent-to-agent communication. Noise_XX (X25519/ChaChaPoly/BLAKE2s) + ML-KEM-768 hybrid post-quantum. Invite-based pairing. No central server. |
/run/osmoda/mesh.sock + TCP 18800 |
Agents talk to each other, end-to-end encrypted |
| osmoda-voice | Local speech-to-text (whisper.cpp) + text-to-speech (piper). All processing on-device. No cloud APIs. No data leaves the machine. | /run/osmoda/voice.sock |
Fully local voice, zero cloud dependency |
| osmoda-mcpd | MCP server lifecycle manager. Starts, monitors, restarts MCP servers from NixOS config. Generates OpenClaw MCP config. Injects egress proxy for sandboxed servers. | /run/osmoda/mcpd.sock |
Any MCP server becomes an OS capability via NixOS config |
| osmoda-teachd | System learning and self-optimization. OBSERVE loop (30s) collects CPU, memory, service, journal metrics. LEARN loop (5m) detects patterns (recurring failures, resource trends, anomalies, correlations). TEACH API injects relevant knowledge into agent context. Optimizer suggests and applies fixes via SafeSwitch. | /run/osmoda/teachd.sock |
The OS learns from its own behavior and improves over time |
| osmoda-egress | HTTP CONNECT proxy with domain allowlist per capability token. Only path to the internet for sandboxed tools. | 127.0.0.1:19999 |
Sandboxed tools can't phone home |
The AI doesn't shell out. It calls typed tools that return structured JSON:
system_health system_query system_discover
event_log memory_store memory_recall
shell_exec file_read file_write
directory_list service_status journal_logs
network_info wallet_create wallet_list
wallet_sign wallet_send wallet_delete
wallet_receipt safe_switch_begin safe_switch_status
safe_switch_commit safe_switch_rollback watcher_add
watcher_list routine_add routine_list
routine_trigger agent_card receipt_list
incident_create incident_step voice_status
voice_speak voice_transcribe voice_record
voice_listen backup_create backup_list
mesh_identity mesh_invite_create mesh_invite_accept
mesh_peers mesh_peer_send mesh_peer_disconnect
mesh_health mesh_room_create mesh_room_join
mesh_room_send mesh_room_history mcp_servers
mcp_server_start mcp_server_stop mcp_server_restart
teach_status teach_observations teach_patterns
teach_knowledge teach_knowledge_create teach_context
teach_optimize_suggest teach_optimize_apply
app_deploy app_list app_logs
app_stop app_restart app_remove
safety_rollback safety_status safety_panic
safety_restart
Predefined behavioral patterns the agent can follow:
Self-healing — detect failure, diagnose root cause, fix automatically, log receipt. Morning briefing — daily infrastructure health report. Security hardening — continuous CIS benchmark scoring with auto-remediation. Natural language config — "enable nginx with SSL for example.com" becomes NixOS config. Predictive resources — forecast disk/RAM/CPU exhaustion before it happens. Drift detection — find imperative changes that diverge from NixOS declarations. Generation timeline — correlate "what changed" with "when things broke" across NixOS generations. Flight recorder — black box telemetry for post-incident analysis. Nix optimizer — smart garbage collection and store deduplication. App deployer — deploy and manage user applications as systemd services with resource limits and boot persistence. Plus: system monitor, package manager, config editor, file manager, network manager, service explorer.
Access your server from anywhere — no SSH tunnels required:
# Cloudflare Tunnel (quick tunnel — no account needed)
services.osmoda.remoteAccess.cloudflare.enable = true;
# Or with your own tunnel
services.osmoda.remoteAccess.cloudflare.credentialFile = "/var/lib/osmoda/secrets/cf-creds.json";
services.osmoda.remoteAccess.cloudflare.tunnelId = "your-tunnel-id";
# Tailscale VPN
services.osmoda.remoteAccess.tailscale.enable = true;
services.osmoda.remoteAccess.tailscale.authKeyFile = "/var/lib/osmoda/secrets/tailscale-key";Emergency controls that bypass the AI entirely:
| Command | Action |
|---|---|
safety_rollback |
Immediate NixOS rollback to previous generation |
safety_status |
Raw health dump (shell fallback if agentd is down) |
safety_panic |
Stop all services + rollback NixOS |
safety_restart |
Restart the AI gateway |
Talk to your server from Telegram or WhatsApp:
services.osmoda.channels.telegram.enable = true;
services.osmoda.channels.telegram.botTokenFile = "/var/lib/osmoda/secrets/telegram-bot-token";GET /health System metrics (CPU, RAM, disk, load, uptime)
POST /system/query Run structured system queries
GET /system/discover Discover all running services, ports, systemd units
GET /events/log Hash-chained audit event log
POST /memory/ingest Store event in memory
POST /memory/recall FTS5 full-text search over system history (BM25-ranked)
POST /memory/store Store named memory with tags
GET /agent/card EIP-8004 Agent Card
POST /backup/create Create system backup
GET /backup/list List available backups
POST /incident/create Open incident workspace
POST /incident/{id}/step Add step to incident
GET /receipts Audit receipts
POST /wallet/create { chain: "ethereum"|"solana", label } → { id, address }
GET /wallet/list All wallets
POST /wallet/sign Policy-gated payload signing
POST /wallet/send Build signed transaction (no broadcast)
POST /switch/begin Start SafeSwitch deploy with TTL + health checks
POST /switch/commit/{id} Commit (health passed)
POST /switch/rollback/{id} Rollback (health failed or manual)
POST /watcher/add Add autopilot health watcher
POST /invite/create Generate invite code for peer
POST /invite/accept Accept invite, establish encrypted tunnel
GET /peers Connected peers
POST /peer/{id}/send Send encrypted message to peer
GET /identity Ed25519 + X25519 + ML-KEM-768 public keys
POST /routine/add Add cron/interval/webhook routine
GET /routine/list All routines
POST /routine/trigger/{id} Manually trigger routine
GET /routine/history Execution history
GET /health Server count, running count, per-server status
GET /servers All managed MCP servers with status and config
POST /server/{name}/start Start a stopped server
POST /server/{name}/stop Stop a running server
POST /server/{name}/restart Restart a server
POST /reload Re-read config, start new servers, stop removed ones
GET /health Observation/pattern/knowledge counts, loop status
GET /observations System observations (?source=cpu&since=...&limit=50)
GET /patterns Detected patterns (?type=recurring&min_confidence=0.5)
GET /knowledge Knowledge documents (?category=reliability&tag=...)
GET /knowledge/{id} Single knowledge document
POST /knowledge/create Manual knowledge doc {title, category, content, tags}
POST /knowledge/{id}/update Update knowledge doc {content?, tags?, category?}
POST /teach Context-aware knowledge injection {context: str}
POST /optimize/suggest Generate optimization suggestions from knowledge
POST /optimize/approve/{id} Approve a suggested optimization
POST /optimize/apply/{id} Apply optimization via SafeSwitch
GET /optimizations List optimizations (?status=suggested&limit=20)
git clone https://github.com/bolivian-peru/os-moda.git && cd os-moda
cargo check --workspace # Type check all 10 crates
cargo test --workspace # 136 tests
# Run agentd locally
cargo run -p agentd -- --socket /tmp/agentd.sock --state-dir /tmp/osmoda
# Dev VM with Sway desktop (requires Nix)
nix build .#nixosConfigurations.osmoda-dev.config.system.build.vm
./result/bin/run-osmoda-dev-vm -m 4096 -smp 4
# Build installer ISO
nix build .#nixosConfigurations.osmoda-iso.config.system.build.isoImagecrates/agentd/ System bridge daemon (API + ledger + memory)
crates/agentctl/ CLI (events, verify-ledger)
crates/osmoda-keyd/ Crypto wallet daemon (ETH + SOL, AES-256-GCM)
crates/osmoda-watch/ SafeSwitch + autopilot watchers
crates/osmoda-routines/ Background automation engine
crates/osmoda-egress/ Domain-filtered egress proxy
crates/osmoda-voice/ Local voice (whisper.cpp + piper)
crates/osmoda-mesh/ P2P mesh (Noise_XX + ML-KEM-768)
crates/osmoda-mcpd/ MCP server lifecycle manager
crates/osmoda-teachd/ System learning + self-optimization
packages/osmoda-bridge/ AI gateway plugin (72 tools, TypeScript)
nix/modules/osmoda.nix NixOS module (single source of truth)
nix/hosts/ VM, server, ISO configs
templates/ Agent identity + tools + heartbeat
skills/ 16 system skill definitions
- Rust (axum, tokio, rusqlite, serde, k256, ed25519-dalek, aes-gcm, sha3, snow, ml-kem)
- NixOS (flakes, crane, systemd, nftables, bubblewrap)
- TypeScript (osmoda-bridge gateway plugin)
Early beta. This is a working prototype, not production-grade infrastructure. Use on disposable servers or development environments. Expect rough edges.
10 Rust crates (9 daemons + 1 CLI), 136 tests passing, 72 bridge tools, 16 system skills.
Tested on hardware: Full deployment tested on Hetzner Cloud (CX22/CX23). All 9 daemons start, all sockets respond, wallet creation works, mesh identity generates, audit ledger chains correctly, teachd observes and learns. Stress tested: 100 concurrent health checks per daemon (700/700 OK), 50 concurrent complex queries, 20 rapid wallet create/delete cycles, hash chain verified across 300+ events with zero broken links.
What works now: Structured system access, hash-chained audit ledger, FTS5 full-text memory search, ETH + SOL crypto signing, SafeSwitch deploys with auto-rollback, background automation, P2P encrypted mesh with hybrid post-quantum crypto, local voice, MCP server management, system learning and self-optimization, service discovery, emergency safety commands, Cloudflare Tunnel + Tailscale remote access, app process management with systemd-run, all 72 bridge tools.
What's next: Web dashboard with live chat, semantic memory engine (usearch + fastembed), POST /nix/rebuild API, multi-model support, fleet coordination via mesh, external security audit of mesh crypto.
See ROADMAP.md for the full plan.
Early beta. Feedback welcome.
- Bug reports — open an issue, include logs
-
New skills — add
skills/<name>/SKILL.md, open a PR -
NixOS module —
nix/modules/osmoda.nixis the core -
Bridge tools —
packages/osmoda-bridge/index.ts
Apache 2.0. See LICENSE.
osModa — the server fixes itself at 3am.
For Tasks:
Click tags to check more tools for each tasksFor Jobs:
Alternative AI tools for os-moda
Similar Open Source Tools
os-moda
osModa is a NixOS distribution with 9 Rust daemons and 72 typed tools, providing structured access to the entire OS without shell parsing. Every mutation is hash-chained, enabling atomic system state rollbacks. The agent runs at ring 0 with root access, ensuring tamper-proof audit logging. Third-party tools are sandboxed, while the agent is not. It offers structured system access, hash-chained audit ledger, FTS5 full-text memory search, ETH + SOL crypto signing, SafeSwitch deploys with auto-rollback, P2P encrypted mesh with hybrid post-quantum crypto, local voice, MCP server management, system learning and self-optimization, service discovery, emergency safety commands, Cloudflare Tunnel + Tailscale remote access, app process management with systemd-run, and 72 bridge tools.
multi-agent-shogun
multi-agent-shogun is a system that runs multiple AI coding CLI instances simultaneously, orchestrating them like a feudal Japanese army. It supports Claude Code, OpenAI Codex, GitHub Copilot, and Kimi Code. The system allows you to command your AI army with zero coordination cost, enabling parallel execution, non-blocking workflow, cross-session memory, event-driven communication, and full transparency. It also features skills discovery, phone notifications, pane border task display, shout mode, and multi-CLI support.
nono
nono is a secure, kernel-enforced capability shell for running AI agents and any POSIX style process. It leverages OS security primitives to create an environment where unauthorized operations are structurally impossible. It provides protections against destructive commands and securely stores API keys, tokens, and secrets. The tool is agent-agnostic, works with any AI agent or process, and blocks dangerous commands by default. It follows a capability-based security model with defense-in-depth, ensuring secure execution of commands and protecting sensitive data.
vibe-remote
Vibe Remote is a tool that allows developers to code using AI agents through Slack or Discord, eliminating the need for a laptop or IDE. It provides a seamless experience for coding tasks, enabling users to interact with AI agents in real-time, delegate tasks, and monitor progress. The tool supports multiple coding agents, offers a setup wizard for easy installation, and ensures security by running locally on the user's machine. Vibe Remote enhances productivity by reducing context-switching and enabling parallel task execution within isolated workspaces.
VT.ai
VT.ai is a multimodal AI platform that offers dynamic conversation routing with SemanticRouter, multi-modal interactions (text/image/audio), an assistant framework with code interpretation, real-time response streaming, cross-provider model switching, and local model support with Ollama integration. It supports various AI providers such as OpenAI, Anthropic, Google Gemini, Groq, Cohere, and OpenRouter, providing a wide range of core capabilities for AI orchestration.
Archon
Archon is an AI meta-agent designed to autonomously build, refine, and optimize other AI agents. It serves as a practical tool for developers and an educational framework showcasing the evolution of agentic systems. Through iterative development, Archon demonstrates the power of planning, feedback loops, and domain-specific knowledge in creating robust AI agents.
specweave
SpecWeave is a spec-driven Skill Fabric for AI coding agents that allows programming AI in English. It provides first-class support for Claude Code and offers reusable logic for controlling AI behavior. With over 100 skills out of the box, SpecWeave eliminates the need to learn Claude Code docs and handles various aspects of feature development. The tool enables users to describe what they want, and SpecWeave autonomously executes tasks, including writing code, running tests, and syncing to GitHub/JIRA. It supports solo developers, agent teams working in parallel, and brownfield projects, offering file-based coordination, autonomous teams, and enterprise-ready features. SpecWeave also integrates LSP Code Intelligence for semantic understanding of codebases and allows for extensible skills without forking.
tandem
Tandem is a local-first, privacy-focused AI workspace that runs entirely on your machine. It is inspired by early AI coworking research previews, open source, and provider-agnostic. Tandem offers privacy-first operation, provider agnosticism, zero trust model, true cross-platform support, open-source licensing, modern stack, and developer superpowers for everyone. It provides folder-wide intelligence, multi-step automation, visual change review, complete undo, zero telemetry, provider freedom, secure design, cross-platform support, visual permissions, full undo, long-term memory, skills system, document text extraction, workspace Python venv, rich themes, execution planning, auto-updates, multiple specialized agent modes, multi-agent orchestration, project management, and various artifacts and outputs.
llmos
LLMos is an operating system designed for physical AI agents, providing a hybrid runtime environment where AI agents can perceive, reason, act on hardware, and evolve over time locally without cloud dependency. It allows natural language programming, dual-brain architecture for fast instinct and deep planner brains, markdown-as-code for defining agents and skills, and supports swarm intelligence and cognitive world models. The tool is built on a tech stack including Next.js, Electron, Python, and WebAssembly, and is structured around a dual-brain cognitive architecture, volume system, HAL for hardware abstraction, applet system for dynamic UI, and dreaming & evolution for robot improvement. The project is in Phase 1 (Foundation) and aims to move into Phase 2 (Dual-Brain & Local Intelligence), with contributions welcomed under the Apache 2.0 license by Evolving Agents Labs.
mcp-ts-template
The MCP TypeScript Server Template is a production-grade framework for building powerful and scalable Model Context Protocol servers with TypeScript. It features built-in observability, declarative tooling, robust error handling, and a modular, DI-driven architecture. The template is designed to be AI-agent-friendly, providing detailed rules and guidance for developers to adhere to best practices. It enforces architectural principles like 'Logic Throws, Handler Catches' pattern, full-stack observability, declarative components, and dependency injection for decoupling. The project structure includes directories for configuration, container setup, server resources, services, storage, utilities, tests, and more. Configuration is done via environment variables, and key scripts are available for development, testing, and publishing to the MCP Registry.
OpenSpec
OpenSpec is a tool for spec-driven development, aligning humans and AI coding assistants to agree on what to build before any code is written. It adds a lightweight specification workflow that ensures deterministic, reviewable outputs without the need for API keys. With OpenSpec, stakeholders can draft change proposals, review and align with AI assistants, implement tasks based on agreed specs, and archive completed changes for merging back into the source-of-truth specs. It works seamlessly with existing AI tools, offering shared visibility into proposed, active, or archived work.
gigachad-grc
A comprehensive, modular, containerized Governance, Risk, and Compliance (GRC) platform built with modern technologies. Manage your entire security program from compliance tracking to risk management, third-party assessments, and external audits. The platform includes specialized modules for Compliance, Data Management, Risk Management, Third-Party Risk Management, Trust, Audit, Tools, AI & Automation, and Administration. It offers features like controls management, frameworks assessment, policies lifecycle management, vendor risk management, security questionnaires, knowledge base, audit management, awareness training, phishing simulations, AI-powered risk scoring, and MCP server integration. The tech stack includes Node.js, TypeScript, React, PostgreSQL, Keycloak, Traefik, Redis, and RustFS for storage.
Antigravity-Workflow-System
Antigravity Workflow System is a structured workflow framework for Agentic AI assistants, addressing core pain points of the Vibe Coding era. It enforces architecture design first, tackles issues like architecture drift, spaghetti code, context amnesia, and lack of planning. The system includes workflows like `/genesis`, `/scout`, `/design-system`, `/challenge`, `/blueprint`, `/forge`, `/change`, `/explore`, and `/craft`, emphasizing versioned architecture, deep thinking first, and filesystem as memory. It requires the Antigravity environment with `.agent/workflows/` support and Sequential Thinking MCP Server for deep reasoning. Users can invoke workflows using the Slash Protocol or Intent Protocol, with a defined project structure under `.agent/` directory. Contributions are encouraged, and the system is licensed under MIT.
httpjail
httpjail is a cross-platform tool designed for monitoring and restricting HTTP/HTTPS requests from processes using network isolation and transparent proxy interception. It provides process-level network isolation, HTTP/HTTPS interception with TLS certificate injection, script-based and JavaScript evaluation for custom request logic, request logging, default deny behavior, and zero-configuration setup. The tool operates on Linux and macOS, creating an isolated network environment for target processes and intercepting all HTTP/HTTPS traffic through a transparent proxy enforcing user-defined rules.
openlegion
OpenLegion is an AI agent framework designed for builders who need secure, isolated, and production-ready AI agents. Each agent runs in its own Docker container with API keys stored securely in a vault. The framework offers autonomous AI agent fleets with features like chat via Telegram, Discord, Slack, or WhatsApp, built-in cost controls, and 100+ LLM providers. It provides detailed security measures, production-grade cost control, deterministic multi-agent orchestration, autonomous agent actions, self-awareness, and self-improvement capabilities. OpenLegion is fully auditable, lightweight, and offers a real-time dashboard for fleet observability.
OpenOutreach
OpenOutreach is a self-hosted, open-source LinkedIn automation tool designed for B2B lead generation. It automates the entire outreach process in a stealthy, human-like way by discovering and enriching target profiles, ranking profiles using ML for smart prioritization, sending personalized connection requests, following up with custom messages after acceptance, and tracking everything in a built-in CRM with web UI. It offers features like undetectable behavior, fully customizable Python-based campaigns, local execution with CRM, easy deployment with Docker, and AI-ready templating for hyper-personalized messages.
For similar tasks
linux-mcp-server
Linux MCP Server is a powerful tool for managing multiple Linux servers from a central location. It provides a user-friendly interface to monitor server health, deploy updates, and automate routine tasks across a network of servers. With Linux MCP Server, system administrators can efficiently manage server configurations, troubleshoot issues, and ensure the security of their infrastructure.
os-moda
osModa is a NixOS distribution with 9 Rust daemons and 72 typed tools, providing structured access to the entire OS without shell parsing. Every mutation is hash-chained, enabling atomic system state rollbacks. The agent runs at ring 0 with root access, ensuring tamper-proof audit logging. Third-party tools are sandboxed, while the agent is not. It offers structured system access, hash-chained audit ledger, FTS5 full-text memory search, ETH + SOL crypto signing, SafeSwitch deploys with auto-rollback, P2P encrypted mesh with hybrid post-quantum crypto, local voice, MCP server management, system learning and self-optimization, service discovery, emergency safety commands, Cloudflare Tunnel + Tailscale remote access, app process management with systemd-run, and 72 bridge tools.
AIDA64CRCK
AIDA64CRCK is a tool designed for Windows users to access the latest version for free. It provides users with comprehensive system information and diagnostics to optimize their computer performance. The tool is user-friendly and offers detailed insights into hardware components, software configurations, and system stability. With AIDA64CRCK, users can easily monitor their system health and troubleshoot any issues that may arise, making it a valuable utility for both casual users and tech enthusiasts.
For similar jobs
kaito
Kaito is an operator that automates the AI/ML inference model deployment in a Kubernetes cluster. It manages large model files using container images, avoids tuning deployment parameters to fit GPU hardware by providing preset configurations, auto-provisions GPU nodes based on model requirements, and hosts large model images in the public Microsoft Container Registry (MCR) if the license allows. Using Kaito, the workflow of onboarding large AI inference models in Kubernetes is largely simplified.
ai-on-gke
This repository contains assets related to AI/ML workloads on Google Kubernetes Engine (GKE). Run optimized AI/ML workloads with Google Kubernetes Engine (GKE) platform orchestration capabilities. A robust AI/ML platform considers the following layers: Infrastructure orchestration that support GPUs and TPUs for training and serving workloads at scale Flexible integration with distributed computing and data processing frameworks Support for multiple teams on the same infrastructure to maximize utilization of resources
tidb
TiDB is an open-source distributed SQL database that supports Hybrid Transactional and Analytical Processing (HTAP) workloads. It is MySQL compatible and features horizontal scalability, strong consistency, and high availability.
nvidia_gpu_exporter
Nvidia GPU exporter for prometheus, using `nvidia-smi` binary to gather metrics.
tracecat
Tracecat is an open-source automation platform for security teams. It's designed to be simple but powerful, with a focus on AI features and a practitioner-obsessed UI/UX. Tracecat can be used to automate a variety of tasks, including phishing email investigation, evidence collection, and remediation plan generation.
openinference
OpenInference is a set of conventions and plugins that complement OpenTelemetry to enable tracing of AI applications. It provides a way to capture and analyze the performance and behavior of AI models, including their interactions with other components of the application. OpenInference is designed to be language-agnostic and can be used with any OpenTelemetry-compatible backend. It includes a set of instrumentations for popular machine learning SDKs and frameworks, making it easy to add tracing to your AI applications.
BricksLLM
BricksLLM is a cloud native AI gateway written in Go. Currently, it provides native support for OpenAI, Anthropic, Azure OpenAI and vLLM. BricksLLM aims to provide enterprise level infrastructure that can power any LLM production use cases. Here are some use cases for BricksLLM: * Set LLM usage limits for users on different pricing tiers * Track LLM usage on a per user and per organization basis * Block or redact requests containing PIIs * Improve LLM reliability with failovers, retries and caching * Distribute API keys with rate limits and cost limits for internal development/production use cases * Distribute API keys with rate limits and cost limits for students
kong
Kong, or Kong API Gateway, is a cloud-native, platform-agnostic, scalable API Gateway distinguished for its high performance and extensibility via plugins. It also provides advanced AI capabilities with multi-LLM support. By providing functionality for proxying, routing, load balancing, health checking, authentication (and more), Kong serves as the central layer for orchestrating microservices or conventional API traffic with ease. Kong runs natively on Kubernetes thanks to its official Kubernetes Ingress Controller.